# 2023-01-16 Scope

This meeting was scheduled to determine the scope of the challenge and to make sure it was covered from multiple angles. 4 different vendors attended the meeting.

### Resources
Video available @ [youtube](https://www.youtube.com/watch?v=Z3gvtirrncE)

[Presentation available](https://docs.google.com/presentation/d/1ACRvFBOZUdLzNuM1IyoDGp50CmOOkUZBACewdQI4M20/edit)

### Conclusion

The following points were concluded from the meeting:

* An authorization must be usable by any node/app from the organization which is authorized.
* Any node/app of an organization must accept this authorization
* Authorizations must only be issued to nodes that support the use-case
* Nodes/apps that issue authorizations must be authorized by the organization to do so for a use-case
* Authorizations must be automatically issued/revoked/sent when the topology changes (new nodes, nodes removed)
* The trust between the authorization issuer and authorization verifier within an organization requires extra care

### Addtional notes

Currently the Nictiz qualification process can only qualify a pair of vendors/applications where each party covers the entire side of a use-case. Eg 1 side covers sending and the other receiving. It was concluded that to support multiple vendors properly, a combination of vendors at one side must be able to qualify as well.